54% of UK companies reported a cyber breach or attack in the past 12 months, causing thousands of pounds’ worth of costs and disruption to their daily operations. Malware, phishing, ransomware, whaling, cyber fraud: all of these terms are becoming the norm in day-to-day business operations. Cyber crime has been growing year on year in the UK, and we should all now be considering a ‘cyber attack’ as much of a threat to our businesses as our competitors or a downturn in the economy. Cyber criminals are out to disrupt our operations, damage our reputations and profit from us in a massive way. Reports are that ‘ransomware’ is a billion dollar industry. We are no longer talking about individuals in their bedrooms creating viruses for fun; these are actual structured businesses and their efforts are targeted.
Are you concerned about Cyber Crime targeting your business or have you already been a victim?
The majority of cyber attacks exploit basic weaknesses in your IT systems and software, weaknesses which can easily be addressed but are often overlooked. In 2014 the government, working in conjunction with GCHQ, introduced a guide and certification to help address some of these key weaknesses, and the Cyber Essentials scheme was born. The Cyber Essentials scheme is designed to make it easy for you to protect yourself and your business. Cyber Essentials focuses on 5 key IT security controls which, when adhered to, are said to mitigate up to 80% of the risk of cyber attack.
Those key IT security controls are:
- Boundary firewalls and internet gateways – These are devices designed to prevent unauthorised access to or from private networks, but good setup of these devices, whether in hardware or software form, is important for them to be fully effective.
- Secure configuration – Ensuring that systems are configured in the most secure way for the needs of the organisation.
- Access control – Ensuring that only those who should have access to systems have access, and at the appropriate level.
- Malware protection – Ensuring that virus and malware protection is installed and is up to date.
- Patch management – Ensuring that the latest supported version of applications is used and that all the necessary patches supplied by the vendor have been applied.
There are two different tiers of certification that your organisation can apply for: Cyber Essentials and Cyber Essentials Plus.
- Cyber Essentials is awarded based on a verified self-assessment. An organisation undertakes its own assessment via a questionnaire, which must be approved by a senior executive such as a Director. This questionnaire is then verified by an independent Certification Body to assess whether an appropriate standard has been achieved and, if so, the certification can be awarded. This option offers a basic level of assurance to your suppliers and customers and can be achieved at low cost.
- Cyber Essentials Plus offers a higher level of assurance through external testing of the organisation’s cyber security approach. The organisation is still required to complete the assessment questionnaire; however, an audit from a certified assessor is required prior to submitting it to a certification body. The Plus certification naturally carries a higher cost of implementation.
Once an organisation has been successful, a certificate will be awarded. Upon receiving the certificate, the organisation will be able to display the appropriate Cyber Essentials or Cyber Essentials Plus logo on its collateral.
So should you get Cyber Essentials / Essentials PLUS Certified?
If you are concerned about security, data protection, cyber fraud and your company reputation, then the answer is yes. The Cyber Essentials certification is first and foremost a way of protecting your business against those common cyber threats which are becoming more and more sophisticated by the day. It is also a great way for you to build your clients’ confidence and trust and show them that you take data protection seriously!
Don’t have the resources to implement this in your business?
That is where we can help. Dufeu IT Solutions are a Certified Cyber Essentials Consultant. We can help take your business through the certification process, implementing the controls and creating that layered protection your business needs. Contact us today at 01933 426162 to learn more.